CISA issued an alert indicating that APTs are gaining full access to industrial control systems (ICS). The malware involved is only the seventh ever identified that specifically targets ICS, and this is the first time that an industrial cyber capability has been found prior to its deployment. The malware allows the bad actors to scan, compromise and control affected devices once they’ve gained access.
In response to the alert issued by CISA, below is a comment by Marty Edwards, VP for OT Security, Tenable.
“The joint advisory issued by the US Government about advanced tools being used to target Industrial Control Systems and Operational Technology environments is concerning. If attackers are successful, the consequences of such intrusions are vast and can be potentially devastating. When your adversary is using advanced tools to potentially disrupt your system, then organizations must have the people, processes and technology in place beforehand to harden their environments and detect any malicious activity.
“The actors are apparently capable of directly interacting with and manipulating the OT devices referenced in the advisory, so it is imperative that asset owners and operators are continuously monitoring for any malicious communications to these devices as well as monitoring for any changes to the configuration or logic inside the devices in real time.
“The advisory states that actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions. Asset owners and operators should have systems in place to monitor for credential abuse and/or discover accounts that are not adhering to the principle of least privilege.”
Marty Edwards, VP for OT Security, Tenable